1. Field
The present disclosure relates generally to the field of digital security, and more specifically to detecting a computing system that has been compromised by a digital security threat.
2. Description of Related Art
The proliferation of computing technologies continues to present challenges in the field of digital security. As is well-known, a malicious entity can use one networked computer (i.e., a network node) to spread malicious computer data to other network nodes, and thereby inflict system disruption and economic loss. Network nodes that become compromised may further spread malicious computer data to additional network nodes and cause additional damage.
One of ordinary skill in the art would appreciate that a networked computer (or more generally, a computing system) can be susceptible to attacks such as those that are based on computer viruses, malware, worms, Trojan horses, bots, intrusions (e.g., unauthorized access), exploits (e.g., escalation of privileges, violation of confidentiality), time-based attacks (e.g., Denial of Service), or the like. The term “threat” is used to describe one or more of these types of attacks.
Digital security technologies may be used to counter these types of attacks by detecting and/or removing malicious computer data from computing systems. One of ordinary skill in the art would appreciate that digital security technologies can reside at various network nodes, can be packaged in hardware and/or software form, and encompass technologies that are loosely called “anti-virus software”, “malware detection”, “intrusion prevention”, “anti-attack”, firewall, or the like, though the terms are not identical in meaning. A broader term, “Unified Threat Management” (“UTM”), has also been used to describe one or more of these implementations of digital security technologies.
Conventional digital security technologies typically detect threats using signatures that correspond to specific threats, meaning that the detection of a threat relies on the a priori knowledge of the specific threat and the availability of a signature for that specific threat. For example, conventional digital security technologies may scan a computing system using the signature of a given computer virus to detect whether the given computer virus is present in the computing system. One drawback of these types of technologies is that threats for which signatures are not yet available cannot be detected.
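The limitation described above, as an added illustration that is not part of the patent text: a minimal scanner with both exact-hash and byte-pattern signatures, run over constructed sample files, where the sample for which no signature yet exists is the one that goes undetected. All signature names, patterns and file contents are placeholders constructed for this example.

```python
"""Added example (not from the patent): a minimal signature-based scanner.

A sample is flagged only if it matches a signature already in the database,
so a variant nobody has written a signature for is simply not detected.
"""
import hashlib
import re

# Exact-hash signature of one known sample (constructed); brittle, since a
# single changed byte yields a different digest.
KNOWN_DROPPER = b"\x00\x01EXAMPLE-MARKER-A\x00trailing"
HASH_SIGNATURES = {
    "Example.Dropper.A": hashlib.sha256(KNOWN_DROPPER).hexdigest(),
}

# Byte-pattern signatures (constructed); these survive changes outside the marker.
PATTERN_SIGNATURES = {
    "Example.Dropper.A": rb"EXAMPLE-MARKER-A",
    "Example.Worm.B": rb"\x4d\x5a.{0,16}SPREAD_ME_B",
}

# Constructed files standing in for the contents of the scanned system.
SAMPLES = {
    "known_dropper.bin": KNOWN_DROPPER,
    "patched_dropper.bin": KNOWN_DROPPER.replace(b"trailing", b"trailinG"),  # one byte changed
    "known_worm.exe": b"\x4d\x5a\x90\x00\x03SPREAD_ME_B more",
    "novel_variant.bin": b"\x4d\x5a\x90\x00\x03SPREAD_ME_C more",  # no signature exists yet
    "benign.txt": b"just a text file",
}


def scan(data: bytes):
    """Return sorted 'name/method' hits for data; an empty list means undetected."""
    digest = hashlib.sha256(data).hexdigest()
    hits = {f"{name}/hash" for name, h in HASH_SIGNATURES.items() if h == digest}
    hits |= {f"{name}/pattern" for name, pat in PATTERN_SIGNATURES.items()
             if re.search(pat, data, re.DOTALL)}
    return sorted(hits)


def scan_all(samples=SAMPLES):
    """Scan every sample; any entry that comes back [] is the scanner's blind spot."""
    return {fname: scan(data) for fname, data in samples.items()}


if __name__ == "__main__":
    for fname, hits in scan_all().items():
        print(f"{fname}: {', '.join(hits) if hits else 'no signature match (undetected)'}")
```

The patched dropper shows why pattern signatures are preferred over bare hashes, while the novel variant shows that neither helps without prior knowledge of the threat.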